[PATCH] BROKEN_STRNDUP and BROKEN_STRNLEN and AIX
Alexander Bokovoy
ab at samba.org
Wed May 22 02:18:58 MDT 2013
Hi,
On Wed, May 22, 2013 at 11:11 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2013-05-22 at 11:05 +0300, Alexander Bokovoy wrote:
> > Hi,
> >
> >
> > On Wed, May 22, 2013 at 10:39 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> > Simo and Christian,
> >
> > I'm wondering if either of you know more about the allegation that
> > strndup and strnlen are broken on AIX?
> >
> > This is one of the very few outstanding config.h differences I'm
> > tracking in https://bugzilla.samba.org/show_bug.cgi?id=8969
> >
> > It appears to be forced on for all AIX hosts:
> >
> > commit 804cfb20a067b4b687089dc72a8271b3abf20f31
> > Author: Simo Sorce <idra at samba.org>
> > Date: Wed Aug 25 14:24:16 2004 +0000
> >
> > r2070: Let's try to overload srnlen and strndup for AIX
> > where they are natly broken.
> > (This used to be commit
> > 98feb3318f54bb48ce56fc8f4721fec4967b9dd9)
> >
> > diff --git a/source3/configure.in b/source3/configure.in
> > index d35e89c..4329665 100644
> > --- a/source3/configure.in
> > +++ b/source3/configure.in
> > @@ -1206,6 +1206,8 @@ if test "$enable_shared" = "yes"; then
> > fi
> >
> >
> > AC_DEFINE(STAT_ST_BLOCKSIZE,DEV_BSIZE,[The size of a block])
> > + AC_DEFINE(BROKEN_STRNLEN,1,[Does
> > strnlen work correctly])
> > + AC_DEFINE(BROKEN_STRNDUP,1,[Does
> > strndup work correctly])
> > ;;
> > *hpux*) AC_DEFINE(HPUX,1,[Whether the host os
> > is HPUX])
> > SHLIBEXT="sl"
> >
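Review bot: the description strings on the two added AC_DEFINE lines ("Does strnlen work correctly", "Does strndup work correctly") contradict the macros they document, since BROKEN_STRNLEN and BROKEN_STRNDUP set to 1 mean the functions do not work; wording such as "Whether strnlen is broken" would match. The two defines are also set unconditionally in the branch that closes at the `;;` before `*hpux*)`, with no check and no comment saying what is broken or on which releases, so a short comment above them recording the observed failure would make the override reviewable later.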
> > Before I simply do the same in waf (probably in libreplace), do either
> > of you know more of the background here, such as does this apply to all
> > AIX versions, or is it possible to test for it less bluntly?
> >
> > This discussion (which refers to our bug #1097) clarifies the issue:
> >
> > http://stackoverflow.com/questions/2091460/strndup-call-is-currupting-stack-frames
> >
> >
> > strndup() is broken at least on AIX 6.1:
> > ".. Tracing through the instructions in strndup, it appears that it
> > mallocs a buffer that is just large enough to handle the string in s
> > plus a NULL terminator. However, it will always copy n characters to
> > the new buffer, padding with zeros if necessary, causing a buffer
> > overflow if strlen(s) < n."
>
> The revised attached patch tries to put some of this background into the
> code.
>
I wonder if we could simply run the reproducer and if that fails outlaw
strndup()?
The reproducer is available in this answer:
http://stackoverflow.com/a/12080251
Running it would preclude cross-compiling to AIX but that is not something
we could do now anyway.
--
/ Alexander Bokovoy
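
The failure mode quoted in the thread (buffer sized from strlen(s), copy sized from n) beside a replacement that sizes both from one bounded length, as an added example that is not part of the original message or of Samba's libreplace. The names safe_strnlen, safe_strndup and modelled_overrun are hypothetical, and the model writes only into a local arena.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical replacement: never reads past s[maxlen - 1]. */
size_t safe_strnlen(const char *s, size_t maxlen)
{
    size_t len = 0;
    while (len < maxlen && s[len] != '\0')
        len++;
    return len;
}

/* Hypothetical replacement: allocation and copy share one bounded length,
 * so a short source with a large n cannot write past the new buffer. */
char *safe_strndup(const char *s, size_t n)
{
    size_t len = safe_strnlen(s, n);
    char *dup = malloc(len + 1);
    if (dup == NULL)
        return NULL;
    memcpy(dup, s, len);
    dup[len] = '\0';
    return dup;
}

/* Model of the quoted behaviour, confined to a local arena: the first
 * strlen(s) + 1 bytes stand for the allocation, then n bytes are written.
 * Returns guard bytes overwritten past it, or (size_t)-1 if n does not fit. */
size_t modelled_overrun(const char *s, size_t n)
{
    char arena[256];
    size_t alloc = strlen(s) + 1, len = safe_strnlen(s, n), i, hit = 0;
    if (n > sizeof(arena) || alloc > sizeof(arena))
        return (size_t)-1;
    memset(arena, 0x5A, sizeof(arena));   /* guard pattern */
    memcpy(arena, s, len);
    memset(arena + len, 0, n - len);      /* zero padding up to n bytes */
    for (i = alloc; i < sizeof(arena); i++)
        hit += (arena[i] != 0x5A);
    return hit;
}

int main(void)
{
    char *p = safe_strndup("abc", 100);   /* constructed input: strlen < n */
    printf("overrun=%zu copy=%s\n", modelled_overrun("abc", 100), p ? p : "(null)");
    free(p);
}
```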